From Collaborative RCE Tool Library


Test and Sandbox Environments


Tool name: Anubis
Rating: 5.0 (1 vote)
Author: Secure Systems Lab, Vienna University of Technology                        
Website: http://anubis.iseclab.org
Current version:
Last updated:
Direct D/L link: N/A
License type: Free Online Service
Description: Anubis is a service for analyzing malware. Submit your Windows executable and receive an analysis report telling you what it does.
Also listed in: X86 Sandboxes



Tool name: Buster Sandbox Analyzer
Rating: 5.0 (1 vote)
Author: Buster                        
Website: http://bsa.isoftware.nl/
Current version: 1.81
Last updated: August 22, 2012
Direct D/L link: http://bsa.isoftware.nl/bsa.rar
License type: Free
Description: Buster Sandbox Analyzer is a tool designed to analyze the behaviour of sandboxed processes and the changes they make to the system, and then evaluate whether that behaviour looks like malware.

The changes made to the system can be of several types: file system changes, registry changes and port changes.

A file system change happens when a file is created, deleted or modified. Depending on what type of file has been created (executable, library, JavaScript, batch, etc.) and where it was created (in which folder), we will be able to get valuable information.

Registry changes are those made to the Windows registry. Here we will be able to get valuable information from the modified values and from the newly created or deleted registry keys.

Port changes occur when a connection is made outside, to other computers, or when a port is opened locally and starts listening for incoming connections.

From all these changes we obtain the information necessary to evaluate the "risk" of some of the actions taken by sandboxed applications.

Watching all these operations in an easy and safe manner is possible thanks to Sandboxie (http://sandboxie.com), an excellent tool created by Ronen Tzur.

Even if Buster Sandbox Analyzer's main goal is to decide whether sandboxed processes behave like malware, the tool can also be used simply to obtain a list of changes made to the system, so if you install a piece of software you will know exactly what it installs and where.

Additionally, apart from system changes, we can consider other actions as suspicious of malware: keyboard logging, ending the Windows session, loading a driver, starting a service, connecting to the Internet, etc.

All the above operations can be considered non-malicious, but if they are performed when not expected, that is something we must take into consideration. Therefore it is not only important to consider what actions are performed; it is also important to consider whether it is reasonable for certain actions to be performed.



Program history: http://bsa.isoftware.nl/frame8.htm
Also listed in: File Monitoring Tools, File System Diff Tools, Network Monitoring Tools, Registry Diff Tools, Registry Monitoring Tools, X86 Sandboxes



Tool name: ThreatExpert
Rating: 5.0 (1 vote)
Author: ThreatExpert Ltd.                        
Website: http://www.threatexpert.com/submit.aspx
Current version:
Last updated:
Direct D/L link: N/A
License type: Free Service
Description: ThreatExpert is an advanced automated threat analysis system designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode.

In only a few minutes ThreatExpert can process a sample and generate a highly detailed threat report with the level of technical detail that matches or exceeds antivirus industry standards such as those normally found in online virus encyclopedias.

Good behavioral analysis!
Also listed in: X86 Sandboxes



Tool name: Bochs
Rating: 0.0 (0 votes)
Author: Kevin Lawton                        
Website: http://bochs.sourceforge.net
Current version: 2.3.7
Last updated: June 3, 2008
Direct D/L link: N/A
License type: Free / Open Source
Description: Bochs is a highly portable open source IA-32 (x86) PC emulator written in C++, that runs on most popular platforms. It includes emulation of the Intel x86 CPU, common I/O devices, and a custom BIOS. Currently, Bochs can be compiled to emulate a 386, 486, Pentium/PentiumII/PentiumIII/Pentium4 or x86-64 CPU including optional MMX, SSEx and 3DNow! instructions.
Bochs is capable of running most Operating Systems inside the emulation including Linux, DOS, Windows® 95/98 and Windows® NT/2000/XP or Windows Vista. Bochs was written by Kevin Lawton and is currently maintained by this project.
Bochs can be compiled and used in a variety of modes, some of which are still in development. The 'typical' use of Bochs is to provide complete x86 PC emulation, including the x86 processor, hardware devices, and memory. This allows you to run operating systems and software within the emulator on your workstation, much like having a machine inside of a machine. For instance, let's say your workstation is a Unix/X11 workstation, but you want to run Win'95 applications. Bochs will allow you to run Win 95 and associated software on your Unix/X11 workstation, displaying a window on your workstation that simulates a monitor on a PC.
Also listed in: X86 Emulators



Tool name: CWSandbox
Rating: 0.0 (0 votes)
Author: Sunbelt                        
Website: http://www.cwsandbox.org
Current version: 2.0
Last updated:
Direct D/L link: http://www.cwsandbox.org/?page=submit
License type: Free use (web application)
Description: CWSandbox - Behavior-based Malware Analysis

Malicious software artifacts like viruses, worms and bots are currently one of the largest threats to the security of the Internet. Upon discovery, such malware must be analyzed to determine the danger which it poses. Because of the speed in which malware spreads and the large number of new malware samples which appear every day, malware analysis calls for automation. CWSandbox is an approach to automatically analyze malware which is based on behavior analysis: malware samples are executed for a finite time in a simulated environment, where all system calls are closely monitored. From these observations, CWSandbox is able to automatically generate a detailed report which greatly simplifies the task of a malware analyst.
Also listed in: X86 Sandboxes



Tool name: Joebox
Rating: 0.0 (0 votes)
Author: Joe Security                        
Website: http://www.joebox.org
Current version:
Last updated:
Direct D/L link: N/A
License type: Free Service
Description: Joebox is a simple sandbox application with a unique special concept. It is designed for automatic behaviour analysis of malware on Windows based operating systems.

Key Features:

* Modular design and structure
* XML and HTML based analysis reports
* 100% complete network traffic reports
* Applicable on Windows XP and Windows Vista
* No emulation or virtualization software necessary
* Ability to build and differentiate behaviour baselines
* Scalable to analyse several binaries at once
* Analyses EXE, DLL and even SYS files
* Fully scriptable
* Simply extensible
* Highly configurable

Also listed in: X86 Sandboxes



Tool name: malwareanalyzer
Rating: 0.0 (0 votes)
Author: beenudel1986                        
Website: http://code.google.com/p/malwareanalyzer/
Current version: 2.6.3
Last updated: October 31, 2010
Direct D/L link: N/A
License type: Free / Open Source
Description: Malwareanalyzer can be useful for:

1. String-based analysis for registry, API calls, IRC commands, DLLs called and VM awareness.

2. Displaying detailed PE headers with all section details, import and export symbols, etc.

3. On Linux distros, performing an ASCII dump of the PE along with other options (check the --help argument).

4. On Windows, generating the various sections of a PE: DOS Header, DOS Stub, PE File Header, Image Optional Header, Section Table, Data Directories, Sections.

5. ASCII dump on Windows machines.

6. Code analysis (disassembling).

7. Online malware checking (www.virustotal.com).

8. Checking for packers from the database.

9. Tracer functionality: can be used to identify anti-debugging call tricks, file system manipulation calls, rootkit hooks, keyboard hooks and DEP setting changes.
Also listed in: X86 Sandboxes



Tool name: NoVirusThanks
Rating: 0.0 (0 votes)
Author:                         
Website: http://scanner.novirusthanks.org
Current version:
Last updated:
Direct D/L link: N/A
License type: Free Service
Description: If you have a suspicious file you can submit it, and our system will analyze your file with 24 antivirus engines and report back the analysis results.
Also listed in: Online Multi Engine AV Scanners



Tool name: Norman SandBox
Rating: 0.0 (0 votes)
Author: Norman                        
Website: http://www.norman.com/microsites/nsic
Current version:
Last updated:
Direct D/L link: N/A
License type: Free Online service
Description: Norman Sandbox Information Center (NSIC) is a web site that offers:

* Free uploads of program files that you suspect are malicious or infected by malicious components, and instant analysis by Norman SandBox. The result is also sent to you by email.
* Comprehensive statistics of files uploaded to NSIC during the latest day, week and month, so you can see trends in the creation of malicious software.
* In-depth information about the analysis performed by Norman SandBox on each malicious file that is uploaded.
* A search facility across all analyses for registry keys, file names, etc.
Also listed in: X86 Sandboxes



Tool name: Pokas x86 Emulator for Generic Unpacking
Rating: 0.0 (0 votes)
Author: Amr Thabet                        
Website: http://sourceforge.net/projects/x86emu/
Current version: 1.2.0 and 1.21 visual C++
Last updated: December 28, 2012
Direct D/L link: http://sourceforge.net/projects/x86emu/files/1.2.0/x86emu-1.2.rar/download
License type: GPL
Description: Pokas x86 Emulator is an application-only emulator created for generic unpacking and for testing antivirus detection algorithms.
This emulator has many features, some of which are:
1. It has an assembler and a disassembler from and to mnemonics.
2. It supports adding new APIs and adding the emulation function for them.
3. It supports a very powerful debugger that has a parser which parses the condition you give and creates very fast native code that performs the check on this condition.
4. It supports SEH and supports TIB, TEB, PEB and PEB_LDR_DATA.
5. It monitors all memory writes, logs up to 10 previous EIPs and saves the last accessed and the last modified place in memory.
6. It supports 6 APIs: GetModuleHandleA, LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualFree and VirtualProtect.
7. With all of these, it's FREE and open source.

It successfully emulates:
1. UPX
2. FSG
3. MEW
4. Aspack
5. PECompact
6. Morphine

But it does contain bugs and it is still in beta. It will surely be fixed soon with the help of your feedback.

You can download it from https://sourceforge.net/projects/x86emu/

AmrThabet
amr.thabet_*at*_student.alx.edu.eg
Also listed in: Assembler IDE Tools, Assemblers, Automated Unpackers, Debuggers, Disassembler Libraries, Disassemblers, OEP Finders, PE Executable Editors, Programming Libraries, Tracers, Unpacking Tools, Virtual Machines, X86 Disassembler Libraries, X86 Emulators, X86 Sandboxes



Tool name: Sandboxie
Rating: 0.0 (0 votes)
Author: Ronen Tzur                        
Website: http://www.sandboxie.com
Current version: 3.42
Last updated: December 1, 2009
Direct D/L link: N/A
License type: Shareware
Description: Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.

You can also access all the changes that were made during the program execution.
Also listed in: File Monitoring Tools, File System Diff Tools, Network Monitoring Tools, Registry Diff Tools, Registry Monitoring Tools, X86 Sandboxes



Tool name: Security Research and Development Framework
Rating: 0.0 (0 votes)
Author: Amr Thabet                        
Website: http://blog.amrthabet.co.cc
Current version: v 1.00
Last updated: November 25, 2012
Direct D/L link: http://code.google.com/p/srdf
License type: GPL v.2
Description: Do you find writing a security tool on Windows hard?
Do you have a great idea but can't implement it?
Do you have a good malware analysis tool and don't need it to become a plugin for OllyDbg or IDA Pro?
Then the Security Research and Development Framework is for you.


Abstract:

This is a free open source development framework created to support writing security tools and malware analysis tools, and to convert security research and ideas from the theoretical approach into practical implementation.

This development framework was created mainly to support the malware field, to create malware analysis tools and anti-virus tools easily without reinventing the wheel, and to inspire innovative minds to write their research in this field and implement it using SRDF.

Introduction:

In the last several years, the malware black market has grown widely. Statistics show that the number of new viruses has increased from 300,000 to millions and millions nowadays.

The complexity of malware attacks has also increased, from small amateur viruses to Stuxnet, Duqu and Flame.

The malware field is searching for new technologies and research, searching for a united community that can withstand these attacks. And that's why SRDF.

The SRDF is not and will not be developed by one person or a team. It will be developed by a big community that tries to share their knowledge and tools inside this framework.

SRDF is still not finished … and it will not be finished, as it's a community-based framework developed by the contributors. We have just begun the idea.

The SRDF is divided into 2 parts: User-Mode and Kernel-Mode. We will describe each one in the next section.

The Features:

Before talking about the SRDF design and structure, I want to tell you what you will gain from SRDF and what it could add to your project.

In the User-Mode part, SRDF gives you many helpful tools … and they are:

· Assembler and Disassembler
· x86 Emulator
· Debugger
· PE Analyzer
· Process Analyzer (Loaded DLLs, Memory Maps … etc)
· MD5, SSDeep and Wildlist Scanner (YARA)
· API Hooker and Process Injection
· Backend Database, XML Serializer
· And many more

In the Kernel-Mode part, it tries to make it easy to write your own filter device driver (not with WDF and callbacks) and gives you an easy, object-oriented (as much as we can) development framework with these features:

· Object-oriented and easy to use development framework
· Easy IRP dispatching mechanism
· SSDT Hooker
· Layered Devices Filtering
· TDI Firewall
· File and Registry Manager
· Kernel Mode easy to use internet sockets
· Filesystem Filter

The Kernel-Mode part is still in progress and many features will be added in the near future.

Source Code: http://code.google.com/p/srdf
Facebook Page: http://www.facebook.com/SecDevelop

JOIN US ... just mail me at: amr.thabet[at]student.alx.edu.eg
Also listed in: Assembler IDE Tools, Assemblers, Automated Unpackers, Debugger Libraries, Debuggers, Disassembler Libraries, Disassemblers, Driver & IRP Monitoring Tools, Exe Analyzers, Kernel Filter Monitoring Tools, Kernel Tools, Low-level Development Libraries, Malware Analysis Tools, Programming Libraries, Reverse Engineering Frameworks, X64 Disassembler Libraries, X86 Disassembler Libraries, X86 Emulators



Tool name: Sunbelt Sandbox
Rating: 0.0 (0 votes)
Author: Sunbelt                        
Website: http://research.sunbelt-software.com/Submit.aspx
Current version:
Last updated:
Direct D/L link: N/A
License type: Free Online Service
Description: Submit a malware sample to our automated sandbox server to see what the malware would do to your computer if it were installed.
Also listed in: X86 Sandboxes



Tool name: VMware Server
Rating: 0.0 (0 votes)
Author: VMware Inc                        
Website: http://www.vmware.com/products/server/
Current version: 2.0.2
Last updated: October 26, 2009
Direct D/L link: N/A
License type: Free (registration needed)
Description: The free VMware Server is based upon VMware's proven virtualization technology. With this robust yet easy to use software you can:

* Streamline software development and testing by allowing developers to create multiple environments with different operating systems on the same server.
* Simplify IT testing of patches, new applications and operating systems by allowing systems administrators to test in secure virtual machines and be able to roll back to a clean state by leveraging snapshots.
* Simplify server provisioning by building a virtual machine once and deploying it multiple times.
* Evaluate software in ready-to-run virtual machines without installation and configuration.
* Re-host legacy operating systems such as Windows NT Server 4.0 and Windows 2000 Server in a virtual machine running on new hardware and operating system.
* Leverage pre-built, ready-to-run virtual appliances that include virtual hardware, operating system and application environments. Virtual appliances for Web, file, print, DNS, email, proxy and other infrastructure services are available for download on the Virtual Appliance Marketplace.
Also listed in: Virtual Machines



Tool name: VMware Workstation
Rating: 0.0 (0 votes)
Author: VMware Inc                        
Website: http://www.vmware.com/products/ws/
Current version: 1.6
Last updated: Summer 2007
Direct D/L link: N/A
License type: Commercial (with demo)
Description: VMware Workstation 6 makes it simple to create and run multiple virtual machines on your desktop or laptop computer. You can convert an existing physical PC into a VMware virtual machine, or create a new virtual machine from scratch. Each virtual machine represents a complete PC, including the processor, memory, network connections and peripheral ports.

VMware Workstation lets you use your virtual machines to run Windows, Linux and a host of other operating systems side-by-side on the same computer. You can switch between operating systems instantly with a click of a mouse, share files between virtual machines with drag-and-drop functionality and access all the peripheral devices you rely on.
Also listed in: Virtual Machines



Tool name: VirSCAN
Rating: 0.0 (0 votes)
Author:                         
Website: http://www.virscan.org
Current version:
Last updated:
Direct D/L link: N/A
License type: Free Service
Description: VirSCAN.org is a FREE online scan service that checks uploaded files for malware using the antivirus engines indicated in the VirSCAN list. After uploading the files you want checked, you can see the scan results and how dangerous the uploaded files are.
Also listed in: Online Multi Engine AV Scanners



Tool name: Virtual PC
Rating: 0.0 (0 votes)
Author: Microsoft                        
Website: http://www.microsoft.com/windows/products/winfamily/virtualpc/default.mspx
Current version: 2007
Last updated: 2007
Direct D/L link: N/A
License type: Free
Description: Microsoft's virtual machine for workstations. Not as advanced as VMware workstation, but quite fine anyway.
Also listed in: Virtual Machines



Tool name: Virtual Server
Rating: 0.0 (0 votes)
Author: Microsoft                        
Website: http://www.microsoft.com/windowsserversystem/virtualserver/default.aspx
Current version: 2005 R2
Last updated: 2006
Direct D/L link: N/A
License type: Free
Description: Microsoft's virtual machine for servers.
Also listed in: Virtual Machines



Tool name: VirtualBox
Rating: 0.0 (0 votes)
Author: Innotek GmbH                        
Website: http://www.virtualbox.org
Current version: 3.2.12
Last updated: November 30, 2010
Direct D/L link: http://download.virtualbox.org/virtualbox/3.2.12/VirtualBox-3.2.12-68302-Win.exe
License type: Free / Open Source
Description: Innotek VirtualBox is a family of powerful x86 virtualization products for enterprise as well as home use. Not only is VirtualBox an extremely feature rich, high performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License (GPL).

Presently, VirtualBox runs on Windows, Linux and Macintosh hosts and supports a large number of guest operating systems including but not limited to Windows (NT 4.0, 2000, XP, Server 2003, Vista), DOS/Windows 3.x, Linux (2.4 and 2.6), and OpenBSD.

VirtualBox is being actively developed with frequent releases and has an ever growing list of features, supported guest operating systems and platforms it runs on. VirtualBox is a community effort backed by a dedicated company: everyone is encouraged to contribute while innotek ensures the product always meets professional quality criteria.
Also listed in: Virtual Machines



Tool name: VirusTotal
Rating: 0.0 (0 votes)
Author: Hispasec Sistemas                        
Website: http://www.virustotal.com
Current version:
Last updated:
Direct D/L link: N/A
License type: Free Service
Description: VirusTotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines.

Specs:

* Free, independent service
* Use of multiple antivirus engines
* Real-time automatic updates of virus signatures
* Detailed results from each antivirus engine
* Real time global statistics
Also listed in: Online Multi Engine AV Scanners



Tool name: XenExpress
Rating: 0.0 (0 votes)
Author: XenSource                        
Website: http://www.xensource.com
Current version: 4.0
Last updated: 2007
Direct D/L link: N/A
License type: Free
Description: XenExpress v4 is a free, production-ready virtualization platform that enables everyone to quickly get started with Xen virtualization. Easily installed and seamlessly upgradeable, XenExpress is your on-ramp to Xen and the XenSource v4 product family.

XenExpress v4 offers all of the base performance, tools, and easy to use features of XenEnterprise v4 and is built to run on the broadest range of standard server hardware. It supports dual socket servers with up to 4GB of RAM and can host up to four virtual machines on each system.
Also listed in: Virtual Machines



Subcategories

There are 4 subcategories to this category.




